Re: [squid-users] transparent Proxy with WCCP

From: Regardt van de Vyver <squid_at_vdvyver.net>
Date: Thu, 18 Dec 2008 20:52:16 +0200

Roland Roland wrote:
> ...
>
> ------------------added to Squid.conf:------------------
>
> acl MyNet src 192.168.0.0/24
> http_access allow MyNet (this is set before the deny all rule)
> wccp_router 192.168.0.1
> http_port 3128 transparent
>
>
> ------------------connectivity------------------
>
> ip tunnel add wccp0 mode gre remote 192.168.0.1 local 192.168.0.108 dev eth0
> ip addr add 192.168.0.108/24 dev wccp0
> ip link set wccp0 up
>
> iptables -t nat -A PREROUTING -i wccp0 -j REDIRECT -p tcp --to-port 80
> <<-- to direct from GRE to port 80
>
>
>
> ...
Hi Roland,

My experience is almost exclusively with wccp2 but off the bat the only
thing that looks 'funky' to me is your iptables rule and a few /proc tweaks.

Try the following after doing the "ip link set wccp0 up":

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/wccp0/rp_filter

The GRE tunnel is only there to provide decapsulation of the WCCP
traffic from the router. Once that is done the traffic is essentially
still pointing towards port 80. Since you're running your squid on port
3128 your iptables rule NEEDS to redirect incoming port 80 traffic to
that port, so it should read:

iptables -t nat -A PREROUTING -i wccp0 -p tcp --dport 80 -j REDIRECT --to-port 3128

regards,

Regardt vd Vyver
Received on Thu Dec 18 2008 - 18:52:41 MST
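
A consistency check for the mismatch discussed in this reply, added here as an example and not part of the original message: it compares the intercept port in squid.conf text with the REDIRECT target found in `iptables -t nat -S PREROUTING` style output. The function names and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the nat PREROUTING rule on
# the GRE interface sends port 80 traffic to the port Squid intercepts on.

# Print the port of the first intercepting http_port line in squid.conf text ($1).
# "transparent" is the keyword used in the thread; later Squid versions use "intercept".
squid_intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" && ($3 == "transparent" || $3 == "intercept") {
        n = split($2, a, ":"); print a[n]; exit }'
}

# Print the REDIRECT target port of the first rule in $1 that matches tcp/80
# arriving on interface $2. A rule with no --dport matches every port, 80 included.
redirect_target() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        { i = ""; dport = ""; to = ""; redir = 0
          for (k = 1; k <= NF; k++) {
              if ($k == "-i") i = $(k+1)
              if ($k == "--dport") dport = $(k+1)
              if ($k == "-j" && $(k+1) == "REDIRECT") redir = 1
              if ($k == "--to-ports" || $k == "--to-port") to = $(k+1)
          }
          if (redir && i == ifc && (dport == "" || dport == "80")) { print to; exit } }'
}

# Args: squid.conf text, rule listing, interface. Returns 0 when consistent,
# otherwise prints the reason and returns 1.
check_interception() {
    want=$(squid_intercept_port "$1")
    got=$(redirect_target "$2" "$3")
    [ -n "$want" ] || { echo "no intercepting http_port in squid.conf"; return 1; }
    [ -n "$got" ] || { echo "no REDIRECT rule for tcp/80 on $3"; return 1; }
    [ "$want" = "$got" ] || { echo "rule redirects to $got, Squid listens on $want"; return 1; }
    echo "ok: tcp/80 on $3 -> $want"
}

# Constructed sample input mirroring the configuration quoted in the thread.
CONF='acl MyNet src 192.168.0.0/24
http_access allow MyNet
wccp_router 192.168.0.1
http_port 3128 transparent'
OLD_RULE='-A PREROUTING -i wccp0 -p tcp -j REDIRECT --to-ports 80'
NEW_RULE='-A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

check_interception "$CONF" "$OLD_RULE" wccp0 || true   # reports the mismatch
check_interception "$CONF" "$NEW_RULE" wccp0           # consistent
```

On a live host the second and third arguments would come from `iptables -t nat -S PREROUTING` and the name of the GRE interface.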